The Taliban's seizure of HIIDE (Handheld Interagency Identity Detection Equipment) biometric registration and identification devices aroused concern when it was first reported, but the risks of that loss, while real, seem likely to be limited. MIT Technology Review argues that a more serious matter is the insurgent government's acquisition of APPS, the Afghan Personnel and Pay System used by the deposed government's Ministries of Defense and the Interior. APPS data were unprotected by retention or deletion policies and were presumably seized intact.
Another DeFi cryptocurrency platform, Cream Finance, has suffered the theft of $29 million. Cream suspended "supply and borrow" in the affected AMP market shortly after blockchain security firm PeckShield detected activity that looked like a criminal reentrancy attack.
Control Global points out the potential threat of hardware backdoors in transformers and other power generation, transmission, and distribution equipment. The essay also notes the limitations of software bills of materials in addressing this risk. The threat may illustrate the familiar maxim that lowest cost doesn't always equate to best value.
The Register reports that the LockBit ransomware gang has, in the wake of Bangkok Airways' refusal to pay the ransom, begun to release the personal data the gang stole. The size of the data dump is assessed variously, with estimates coming in between 103GB and more than 200GB.
The US Cybersecurity and Infrastructure Security Agency (CISA) has opened registration for the President’s Cup Cybersecurity Competition. Individuals can register through October 4th; teams have until September 20th to sign up.